Hello, challenge fans! Ed Skoudis and Yori “Skellington” Kvitchko here, with our announcement of the answers and winners from the holiday hacker challenge The Nightmare Before Charlie Brown’s Christmas. In past challenges, we typically showed our answers first, followed by the winner announcement. But, we know that everyone instantly jumps down to the winners first (we can tell this using the Metasploit-based tracking software we clandestinely installed on each of your systems while you read our packet captures – JUST KIDDING!). So, in a topsy-turvy fashion for a change of pace, we’ll first announce the winners, and then provide our answers to the challenge.

As usual, this year’s competition was intense, with some of the smartest and most clever folks we’ve ever seen participating. Also, many of you had a nice scent as well (we can tell via the new Meterpreter smell-o-matic script included in the payload of our tracking software; thanks for coding that one up, Carlos). Our respondents included tried-and-true experts who have worked through many challenges in the past, intermixed with freshly minted newbies impressively building their skills, and everyone in between. Many people commented that the challenge really helped get them engaged in VoIP attack analysis for the first time, which is one of the primary reasons we write these darned things. Even if you didn’t win, we do hope that your had fun and learned some valuable lessons about VoIP (in)security.